本文介绍了“请检查 gdb 是否经过代码签名 - 参见 taskgated(8)"- 如何安装带有签名的自制代码的 gdb?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我在 osx 10.8.4 下并且已经安装了带有自制软件的 gdb 7.5.1(动机是获得一个具有新功能的新 gdb,例如 --with-python 等...)

I'm under osx 10.8.4 and have installed gdb 7.5.1 with homebrew (motivation get a new gdb with new features such as --with-python etc... )

当我在一个 c++ Eclipse 项目中运行调试时,长话短说:

Long story short when I run debug within a c++ Eclipse project I get :

Error in final launch sequence
Failed to execute MI command:
-exec-run
Error message from debugger back end:
Unable to find Mach task port for process-id 46234: (os/kern) failure (0x5).
 (please check gdb is codesigned - see taskgated(8))
Unable to find Mach task port for process-id 46234: (os/kern) failure (0x5).
 (please check gdb is codesigned - see taskgated(8))

我遵循了各种关于代码签名的建议

I have followed various suggestions for code signing

  • https://sourceware.org/gdb/wiki/BuildingOnDarwin
  • partly http://www.noktec.be/archives/1251 with various adjusts

所以我做到了:

  1. 设置证书
  2. 签署 gdb -> codesign -s gdb-cert/usr/local/bin/gdb

当我在 Eclipse 中重新运行调试时,我得到与上面相同的错误(请检查 gdb 是否经过代码签名 - 请参阅 taskgated(8))".

When I re-run debugging in Eclipse I get same error as above "(please check gdb is codesigned - see taskgated(8))".

如果我将 gdb 设置回旧的 gdb(在 Eclipse 的 gdb 首选项中)/usr/libexec/gdb/gdb-i386-apple-darwin,调试将按预期运行.

If I set back the gdb to the older gdb (in the gdb preferences of Eclipse) /usr/libexec/gdb/gdb-i386-apple-darwin the debugging runs as expected.

有任何解决方案/提示吗?

Any solutions / hints out there ?

谢谢

佩尔

推荐答案

出现此错误是因为 OSX 实现了 pid 访问策略,该策略需要二进制文件的数字签名才能访问其他进程 pid.要使 gdb 能够访问其他进程,我们必须首先对二进制文件进行代码签名.此签名取决于用户必须创建并在系统中注册的特定证书.

This error occurs because OSX implements a pid access policy which requires a digital signature for binaries to access other processes pids. To enable gdb access to other processes, we must first code sign the binary. This signature depends on a particular certificate, which the user must create and register with the system.

要创建代码签名证书,请打开钥匙串访问应用程序.选择菜单 Keychain Access -> Certificate Assistant -> Create a Certificate…

To create a code signing certificate, open the Keychain Access application. Choose menu Keychain Access -> Certificate Assistant -> Create a Certificate…

为证书选择一个名称(例如 gdb-cert),将身份类型设置为自签名根,将证书类型设置为代码签名,然后选择让我覆盖默认值.单击 Continue 几次,直到出现 Specify a Location For The Certificate 屏幕,然后将 Keychain 设置为 System.

Choose a name for the certificate (e.g., gdb-cert), set Identity Type to Self Signed Root, set Certificate Type to Code Signing and select the Let me override defaults. Click several times on Continue until you get to the Specify a Location For The Certificate screen, then set Keychain to System.

双击证书,打开信任部分,将代码签名设置为始终信任.退出钥匙串访问应用程序.

Double click on the certificate, open Trust section, and set Code Signing to Always Trust. Exit Keychain Access application.

重启 taskgated 服务,并签署二进制文件.

Restart the taskgated service, and sign the binary.

$ sudo killall taskgated
$ codesign -fs gdb-cert "$(which gdb)"

来源http://andresabino.com/2015/04/14/codesign-gdb-on-mac-os-x-yosemite-10-10-2/

在 macOS 10.12 (Sierra) 及更高版本上,您还必须

On macOS 10.12 (Sierra) and later, you must also

使用 gdb 7.12.1 或更高版本另外防止 gdb 使用 shell 启动要调试的程序.您可以在 gdb 中为此使用以下命令:

Use gdb 7.12.1 or laterAdditionally prevent gdb from using a shell to start the program to be debugged. You can use the following command for this inside gdb:

set startup-with-shell off

您也可以将最后一条命令放在主目录中名为 .gdbinit 的文件中,在这种情况下,每次启动 gdb 时都会自动应用它

You can also put this last command in a file called .gdbinit in your home directory, in which case it will be applied automatically every time you start gdb

echo "set startup-with-shell off" >> ~/.gdbinit

来源:https://sourceware.org/gdb/wiki/BuildingOnDarwin

这篇关于“请检查 gdb 是否经过代码签名 - 参见 taskgated(8)"- 如何安装带有签名的自制代码的 gdb?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-11 00:58